Revert Adding @derek-ho as a maintainer (opensearch-project#1758) #2
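# End-to-end SAML login tests for the security dashboards plugin.
# On every push and pull request the job writes two throwaway config files
# (security plugin and OpenSearch Dashboards) and passes them to the
# repository's local run-cypress-tests action together with the Cypress
# command for the SAML specs.
name: Snapshot based E2E SAML tests workflow

on: [push, pull_request]

# Least privilege for GITHUB_TOKEN: the steps visible here only read the
# repository. NOTE(review): widen per job only if the local
# run-cypress-tests action turns out to need more.
permissions:
  contents: read

env:
  OPENSEARCH_VERSION: '3.0.0'
  CI: 1
  # avoid warnings like "tput: No value for $TERM and no -T specified"
  TERM: xterm
  PLUGIN_NAME: opensearch-security
  # Fixture credential for the ephemeral test cluster; it is committed in
  # clear text, so it must never be reused outside CI. Quoted so the
  # trailing '!' is always read as part of the string.
  OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'

jobs:
  tests:
    name: Run Cypress E2E SAML tests
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest]
    runs-on: ${{ matrix.os }}

    steps:
      # NOTE(review): a version tag is mutable; pinning actions/checkout to
      # a full commit SHA makes the job reproducible and guards against a
      # retagged release.
      - name: Checkout Branch
        uses: actions/checkout@v3
        with:
          # Later steps run yarn and Cypress code from the workspace, so the
          # token is not left behind in .git/config.
          persist-credentials: false

      # Add SAML Configuration
      # Security-plugin config with two auth domains: HTTP Basic against
      # the internal user database (order 0) and SAML (order 1).
      # Test-only values: the IdP metadata is fetched over plain HTTP from
      # localhost and exchange_key is a fixed value committed to the
      # repository, so neither belongs in a real deployment. The file is
      # echoed to the job log, which is acceptable only because it holds
      # no real secret.
      - name: Create SAML Configuration for Linux
        if: ${{ runner.os == 'Linux' }}
        run: |
          echo "Creating new SAML configuration"
          cat << 'EOT' > config_saml.yml
          ---
          _meta:
            type: "config"
            config_version: 2
          config:
            dynamic:
              http:
                anonymous_auth_enabled: false
              authc:
                basic_internal_auth_domain:
                  description: "Authenticate via HTTP Basic against internal users database"
                  http_enabled: true
                  transport_enabled: true
                  order: 0
                  http_authenticator:
                    type: basic
                    challenge: false
                  authentication_backend:
                    type: intern
                saml_auth_domain:
                  http_enabled: true
                  transport_enabled: false
                  order: 1
                  http_authenticator:
                    type: saml
                    challenge: true
                    config:
                      idp:
                        entity_id: urn:example:idp
                        metadata_url: http://localhost:7000/metadata
                      sp:
                        entity_id: https://localhost:9200
                      kibana_url: http://localhost:5601
                      exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464
                  authentication_backend:
                    type: noop
          EOT
          echo "THIS IS THE SECURITY CONFIG FILE: "
          cat config_saml.yml

      # Configure the Dashboard for SAML setup
      # Relaxed on purpose for a localhost-only runner: TLS verification
      # towards OpenSearch is off (verificationMode: none), the session
      # cookie is not marked secure, and the stock kibanaserver credentials
      # are used. Do not copy these settings into a deployed
      # opensearch_dashboards.yml.
      - name: Configure and Run OpenSearch Dashboards with SAML Configuration
        if: ${{ runner.os == 'Linux' }}
        run: |
          cat << 'EOT' > opensearch_dashboards_saml.yml
          server.host: "localhost"
          opensearch.hosts: ["https://localhost:9200"]
          opensearch.ssl.verificationMode: none
          opensearch.username: "kibanaserver"
          opensearch.password: "kibanaserver"
          opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
          opensearch_security.multitenancy.enabled: true
          opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
          opensearch_security.readonly_mode.roles: ["kibana_read_only"]
          opensearch_security.cookie.secure: false
          server.xsrf.allowlist: ["/_plugins/_security/api/authtoken", "/_opendistro/_security/api/authtoken", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]
          opensearch_security.auth.type: ["saml"]
          opensearch_security.auth.multiple_auth_enabled: true
          opensearch_security.auth.anonymous_auth_enabled: false
          home.disableWelcomeScreen: true
          EOT
          echo 'HERE IS THE DASHBOARD CONFIG FILE: '
          cat opensearch_dashboards_saml.yml

      # Hand both generated files to the repository-local composite action,
      # which is expected to start the stack and run the SAML specs.
      - name: Run Cypress Tests
        uses: ./.github/actions/run-cypress-tests
        with:
          security_config_file: config_saml.yml
          dashboards_config_file: opensearch_dashboards_saml.yml
          yarn_command: 'yarn cypress:run --browser chrome --headless --spec "test/cypress/e2e/saml/*.js"'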